I have a site developed using vb.net 2.0. It has a URL of like http://dgmseoc.com. I want to avoid any malicious requests using other URLs. I have tried to implement using the code below and would like to kick such requests out of the site on the page load. How can I achieve this? Any help please – thank you in advance:
If (urlParams.Contains("http") And
Not urlParams.Contains(Request.ServerVariables("HTTP_HOST").ToString)) Then
‘Would like to kick out of the site here.
End If
If you want your web-site to only respond to requests using dgmseoc.com as the hostname, then you should not be implementing this in your application.
Instead, you should be implementing it in your web-server. Please consult the IIS documentation for details on how to listen on specific Host Header names to do this, e.g. IIS 5, IIS 6.0
Related
it's probably I pretty dumb question but I just can't find any information online on how to do this. Probably I'm googling the wrong stuff.
I have to do 2 things. Send xml files via XMLHTTPRequests to a given Server. That's not a problem and easily done. But the company I'm working with also wants me to provide a Server that can receive XMLHTTPRequests and saves them into a file which I can then work with.
How do I handle this? Does I have to setup e.g. NGINX to do this or is this just a specific website I have to host? When I google for XMLHTTPRequests I only find how to send or get data but not how to setup the Server Side. I really have no clue.
Hope you can send me the right way so I can finally continue to work on this.
ty :)
You need a web server server side to receive requests from XMLHTTPRequest calls. You could set up NGINX to do this, or use any web server that you want.
This isn't usually covered in the documentation because you need to serve the page that contains the JavaScript with the XMLHTTPRequest from some server. To get to the point where you are making a XMLHTTPRequest, you already need some HTTP server set up and working. You would usually configure the page to be served from some a main URL like https://example.com/ and have the XMLHTTPRequest call to another URL like https://example.com/log-data would have you logic for storing to a file like your requirement.
I am trying to achieve URL redirection i want to know different possibilities to achieve this.
Scenario: I have created sharepoint web application(2013, host header site collection) with Annonymous access enabled and NTLM(windows authentication enabled--- Both are enabled). I have bind this site to certificate also and its working as expected if i browse the site with https://test.com
but if i just browse the site with http://test.com its asking me for user name and password. This i want to avoid even if i try to access http my requirement is it should redirect to https.
I have entered username and password and returns 200 http status.
I know there are options we can achieve this
1) IIS redirect
2) Through custom code snippet (C#/Javascript)
But apart from this is there any way we can achieve this like load balance or DNS etc
Your guidence will be really help full.
Regards
Sri
I think you can achieve this by addin an AAM (Alternate Access Mapping) setting in a sharepoint site.
Try to convert an Https request to the http in that. I haven't tried it myself so I am not sure if this will work or not, but there are some examples of a reverse which you want.
For your reference this is a link to make it for http to https
https://sharepoint.stackexchange.com/questions/64484/http-to-https-redirection-using-aam
Let me know the outcome.
Please forgive me if this question is poorly asked. I will delete it if it's a waste of everyone's time. I didn't implement this so I'm walking blind. The person who implemented this left and I need to get something to work.
So we are running our website from the play framework version 2.1.2 on a Centos server. When I execute "ps", I can see play is listening on port 9005 for http and 9004 for https.
The website requires authentication from Okta (I can probably post snippets of Java code showing this if needed) so users must authenticate from Okta via SAML before they can use our site.
Inside Okta, under SAML settings, there are 4 URLS:
SSO URL
Recipient URL
Destination URL
Audience URI (SP Entity ID)
If I set all urls to be http://mysite.mydomain.com:9005/login?client_name=Saml2Client, it works fine. The site works fine.
If I change all the urls to use https and port 9004 ( https://mysite.mydomain.com:9004/login?client_name=Saml2Client), it doesn't work. I get a HTTP 500 error.
Even weirder is if authenticate thru Okta and in another tab type in the host server instead of the FQDN, it works. https://servername.mydomain.com:9004 works fine. It's just when I log on thru Okta and click on the icon (or type the FQDN) that it gives me a HTTP 500 error.
What is Okta looking at when looking at each of the URLs. What do I need to look for to compare the difference between port 9004 and 9005 to get port 9004 to work thru Okta?
So summary:
http://mysite.domain.com:9005/login.... - works thru Okta
https://mysite.domain.com:9004/login... - doesn't work thru Okta
https://servername.domain.com:9004 - typed in URI bar, works fine
If more information is required to answer my question, let me know and I'll update the question.
Does your okta configuration looks like this?
While your app has that end point properly configured.
Attaching scala snippet of a controller end point for example:
def oktaLogin = Secure("SAML2Client") { profiles =>
Action.async { implicit request =>
val email = profiles.head.getId
login(email)
}
}
So our situation is this. We were using the Play framework ver 2.1.2. We are also using the play-pac4j library ver 1.1.4. for SAML support. Apparently, in the pac4j lib, there's a file called JavaWebContext.java. Inside, it hardcodes the scheme to be http. This messes us up, and not Okta.
Starting in version 1.4.x of this library, we see it check which scheme we need (http or https).
I'm not sure if we can use play 2.1.2 with version 1.4.x of the pac4j library or not. I'll update this answer when/if we find out.
I'm developing a database backed web-app. I will be providing the same basic services to several branches of the same company.
Right now I have an Apache server with virtual servers and a resource server for reporting.
branch1.mycompany.com
branch2.mycompany.com
resources.mycompany.com
So basically when I call resources from the site I pass the site as a parameter.
branch1.mycompany.com -> resources.mycompany.com?branch=1¶meter=1
branch2.mycompany.com -> resources.mycompany.com?branch=2¶meter=1
Even with two branches there is a problem trying to keep up with updating both sites and now, I'm going to be implementing this scheme for seven sites.
So my question is this: Is there a way I can make a IIS or TomEE web-app with the following features?
I want to still allow each branch to access trough its URL
Even when there are 7 URLs; all of them will be pointing to the same web-app
Depending on the URL, is there a way the site parameter can be inferred or calculated so I can call the right resource or web service?
The user should never realize they are accessing a common web-app. (i.e. should not be redirected to web-app.mycompany.com?site=1.)
Tomcat (so tomee) has now a rewrite valve which is close to httpd mod_rewrite, this can surely solve that smoothly. I assume IIS has it as well but don't know it that much. Trick is to reverse proxy the requests.
I read some of the answers related to the topic but my situation is a little different. I'm hosted on GoDaddy shared Linux hosting. Currently my application is setup to handle uri's as follows:
https://state.domain.com/region/client/xyz/function1
I want to change the application so the new url will be as follows. The change has been implemented and working for new clients but for my existing clients I want to this to be seamless without having them to update the url they are using to access the application. The new url would be:
https://country.domain.com/state/region/client/xyz/function1
We have quite a few clients that are using the application and I was wondering if we can use wildcards to create generic redirection. What would be the best way to achieve this?
I was reading subdomain redirection through htaccess but in my case I need the generic redirection to give me the complete uri so for example in the above case the redirected uri should be exactly as specified above. In another case if the incoming request is for
.../region/client/xyz/function2
It should be redirected to
.../state/region/client/xyz/function2
Any help would be really appreciated